Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/fdad8c-9ed3-4f01-b107-7486c0582f2a/1/3rf_yIMACq5DaYDOnJh3VsfexLk.roa
File: 3rf_yIMACq5DaYDOnJh3VsfexLk.roa (raw, json)
Hash identifier: qvirdsXQ/sCHrhbxjH6GQlp+A6rl5Nvx+1JnBvwPtQU=
Subject key identifier: DE:B7:FF:C8:83:00:0A:AE:43:69:80:CE:9C:98:77:56:C7:DE:C4:B9
Certificate issuer: /CN=69f8eb366fc6c8a09bfb140f1505f9ec675d42e4
Certificate serial: 018809EAE6A02DED675D4EBFDBE7FD1455BE
Authority key identifier: 69:F8:EB:36:6F:C6:C8:A0:9B:FB:14:0F:15:05:F9:EC:67:5D:42:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/afjrNm_GyKCb-xQPFQX57GddQuQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/81/fdad8c-9ed3-4f01-b107-7486c0582f2a/1/3rf_yIMACq5DaYDOnJh3VsfexLk.roa
Signing time: Thu 11 May 2023 08:26:09 +0000
ROA not before: Thu 11 May 2023 08:26:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15497
IP address blocks: 62.149.15.0/24 maxlen: 24
31.28.164.0/22 maxlen: 22
31.28.160.0/22 maxlen: 22
31.28.169.0/24 maxlen: 24
31.28.172.0/22 maxlen: 22
31.28.168.0/22 maxlen: 22
31.28.176.0/22 maxlen: 22
62.149.31.0/24 maxlen: 24
31.28.184.0/22 maxlen: 22
31.28.180.0/22 maxlen: 22
31.28.190.0/24 maxlen: 24
31.28.191.0/24 maxlen: 24
31.28.188.0/24 maxlen: 24
62.149.2.0/24 maxlen: 24
62.149.0.0/19 maxlen: 19
62.149.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:09:ea:e6:a0:2d:ed:67:5d:4e:bf:db:e7:fd:14:55:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=69f8eb366fc6c8a09bfb140f1505f9ec675d42e4
Validity
Not Before: May 11 08:26:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=deb7ffc883000aae436980ce9c987756c7dec4b9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:47:44:b6:5c:a1:01:d1:41:12:54:d9:07:62:
9b:95:ae:93:db:d0:29:4a:5f:1d:0d:e7:f0:99:f2:
ac:ea:26:17:04:3e:2d:32:c1:4f:94:d8:6e:6d:4d:
af:da:0e:52:8a:5b:15:3b:19:08:a0:0b:11:71:02:
83:a2:cd:26:f0:db:53:b0:94:57:86:24:68:48:4b:
11:56:b9:b2:b5:a7:f4:86:96:2c:db:91:27:aa:4e:
92:ff:ea:9a:18:eb:7e:d9:88:95:36:fc:b1:6e:cb:
63:ec:3b:e8:18:81:94:72:68:53:cd:64:13:cb:a4:
e0:94:78:da:f4:52:18:54:d8:11:51:58:38:ca:ca:
06:aa:c6:f2:53:40:4d:95:53:f1:5f:c1:f1:95:66:
ed:3b:8f:71:6f:c6:2c:58:e2:a0:fc:bd:90:e1:9c:
32:7c:e1:4c:e8:6e:10:c3:4b:ec:a3:07:68:87:a6:
dd:48:c7:cd:4b:46:68:de:80:cb:a8:91:65:21:e0:
61:d1:96:79:ee:e2:de:c4:09:c4:c6:5e:dc:06:ac:
f1:16:52:5e:d1:b1:23:dd:6b:6f:46:98:d8:5e:94:
12:a1:2b:cb:7d:c5:81:6b:83:95:9c:ea:53:ff:7e:
d3:87:93:26:c1:70:ed:f9:e9:4c:9a:89:25:e5:93:
fb:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:B7:FF:C8:83:00:0A:AE:43:69:80:CE:9C:98:77:56:C7:DE:C4:B9
X509v3 Authority Key Identifier:
keyid:69:F8:EB:36:6F:C6:C8:A0:9B:FB:14:0F:15:05:F9:EC:67:5D:42:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/afjrNm_GyKCb-xQPFQX57GddQuQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fdad8c-9ed3-4f01-b107-7486c0582f2a/1/3rf_yIMACq5DaYDOnJh3VsfexLk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/81/fdad8c-9ed3-4f01-b107-7486c0582f2a/1/afjrNm_GyKCb-xQPFQX57GddQuQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.28.160.0-31.28.188.255
31.28.190.0/23
62.149.0.0/19
Signature Algorithm: sha256WithRSAEncryption
50:a2:5c:1c:c7:8a:ec:c9:30:94:7a:5c:b1:d7:fc:32:61:1c:
17:b4:3d:57:26:b3:10:9b:7b:35:bb:4d:56:78:ec:30:50:bb:
ef:67:57:b8:f2:76:2d:db:41:8a:1c:03:de:b7:36:9b:99:a2:
65:71:52:9f:47:fd:cc:4d:d4:ee:86:d3:bf:96:00:fd:67:28:
36:1b:c0:47:7c:44:7d:08:33:98:29:61:49:1a:a3:98:52:aa:
96:ec:63:a0:f1:8a:d7:84:00:1c:5c:b4:86:a5:35:dc:9b:c9:
77:2b:b3:ae:6a:0d:b4:4b:65:d8:ed:39:f5:a3:6b:c1:43:30:
aa:8f:a9:aa:3b:c5:ef:92:a3:19:f5:dd:0e:59:16:14:14:4d:
e5:82:4d:96:54:19:0d:d3:22:3a:a4:1f:65:84:19:c0:c7:e1:
9e:68:55:56:cc:d9:a4:ec:a1:df:28:4f:07:60:c2:b9:99:d2:
12:77:d7:5d:92:81:eb:47:51:ee:90:27:53:dc:13:a6:9b:a6:
d9:3d:d0:6c:88:fe:7d:e8:d1:d9:18:be:83:0f:c5:99:08:9c:
4f:37:40:0e:4e:31:95:02:aa:ab:ee:75:da:28:24:86:97:48:
2c:cc:cf:84:7c:d2:99:07:45:a9:57:e9:42:81:21:aa:c6:f8:
da:85:c8:c7
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYgJ6uagLe1nXU6/2+f9FFW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZjhlYjM2NmZjNmM4YTA5YmZiMTQwZjE1MDVmOWVjNjc1
ZDQyZTQwHhcNMjMwNTExMDgyNjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWI3ZmZjODgzMDAwYWFlNDM2OTgwY2U5Yzk4Nzc1NmM3ZGVjNGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkdEtlyhAdFBElTZB2Kbla6T29Ap
Sl8dDefwmfKs6iYXBD4tMsFPlNhubU2v2g5SilsVOxkIoAsRcQKDos0m8NtTsJRX
hiRoSEsRVrmytaf0hpYs25Enqk6S/+qaGOt+2YiVNvyxbstj7DvoGIGUcmhTzWQT
y6TglHja9FIYVNgRUVg4ysoGqsbyU0BNlVPxX8HxlWbtO49xb8YsWOKg/L2Q4Zwy
fOFM6G4Qw0vsowdoh6bdSMfNS0Zo3oDLqJFlIeBh0ZZ57uLexAnExl7cBqzxFlJe
0bEj3WtvRpjYXpQSoSvLfcWBa4OVnOpT/37Th5MmwXDt+elMmokl5ZP7ZQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFN63/8iDAAquQ2mAzpyYd1bH3sS5MB8GA1UdIwQY
MBaAFGn46zZvxsigm/sUDxUF+exnXULkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWZqck5tX0d5S0NiLXhRUEZRWDU3R2RkUXVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9mZGFkOGMtOWVkMy00ZjAxLWIxMDct
NzQ4NmMwNTgyZjJhLzEvM3JmX3lJTUFDcTVEYVlET25KaDNWc2ZleExrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9mZGFkOGMtOWVkMy00ZjAxLWIxMDctNzQ4NmMwNTgyZjJh
LzEvYWZqck5tX0d5S0NiLXhRUEZRWDU3R2RkUXVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAUfHKAD
BAAfHLwDBAEfHL4DBAU+lQAwDQYJKoZIhvcNAQELBQADggEBAFCiXBzHiuzJMJR6
XLHX/DJhHBe0PVcmsxCbezW7TVZ47DBQu+9nV7jydi3bQYocA963NpuZomVxUp9H
/cxN1O6G07+WAP1nKDYbwEd8RH0IM5gpYUkao5hSqpbsY6DxiteEABxctIalNdyb
yXcrs65qDbRLZdjtOfWja8FDMKqPqao7xe+Soxn13Q5ZFhQUTeWCTZZUGQ3TIjqk
H2WEGcDH4Z5oVVbM2aTsod8oTwdgwrmZ0hJ3112SgetHUe6QJ1PcE6abptk90GyI
/n3o0dkYvoMPxZkInE83QA5OMZUCqqvuddooJIaXSCzMz4R80pkHRalX6UKBIarG
+NqFyMc=
-----END CERTIFICATE-----
Generated at Mon Apr 21 15:03:31 2025 by rpki-client